Tag Archive for Galaxy

Open a New Galaxy Crack with a Pix

Followers of the Bach Seat know biometrics have a limited value in replacing passwords. Despite the technical flaws, another round of biometric hype is running across the intertubes. The latest round of biometric hype is coming from Samsung (005930). Hoping to revive their brand, they are on the verge of releasing the Galaxy S8. The Samsung Galaxy S8 includes the ability to use facial recognition software to unlock your brand new phone. CNet says that this idea “sounds awesome.”

However, this awesome will lower the bar for your security. CNet reports that in a video from the video blogger MarcianoTech, a pre-release version of the Galaxy S8 is seen being unlocked using just a photo (at the 1:09 mark). To their credit, Samsung has acknowledged that the Face Unlock feature is more for convenience than for security, and it cannot be used for mobile payments. Weak facial recognition software is a convenience for the user, but it could also be very convenient for others, too.

The troubles with Face Unlock date back to 2011, when SlashGear reported that Google admitted the security system can be fooled by a picture of you and not the real thing. CNet reports that PittPatt, a Carnegie Mellon University spin-off in Pittsburgh, developed the Face Unlock technology, which was later acquired by Google (GOOG).

Just to make Face Unlock and similar facial recognition systems more dangerous, the Guardian reports that during recent testimony before Congress the FBI admitted that they store about half of all adult Americans’ photographs in a facial recognition database that can be accessed by the FBI. About 80% of photos in the FBI’s network are non-criminal entries, including driver’s license pictures from 18 states including Michigan (pdf) and passports.

The FBI first launched its advanced biometric database, Next Generation Identification, in 2010, augmenting the old fingerprint database with further capabilities including facial recognition. The bureau did not tell the public about its newfound capabilities nor did it publish a privacy impact assessment, required by law, for five years.

Unlike with the collection of fingerprints and DNA, which is done following an arrest, photos of innocent civilians are being collected proactively. The FBI made arrangements with 18 different states to gain access to their databases of driver’s license photos.

“I’m frankly appalled,” said Paul Mitchell, a congressman for Michigan. “I wasn’t informed when my driver’s license was renewed my photograph was going to be in a repository that could be searched by law enforcement across the country.” So anyone with a photo of you, or maybe even just access to your Facebook photos, could potentially access your phone.

rb-

There are two important reasons why biometrics don’t work, and why the old-fashioned password is still a better option: a person’s biometrics can’t be kept secret and they can’t be revoked.

People expose their biometrics everywhere – they leave fingerprints behind at bars and restaurants, their faces and eyes are captured in photos and film, etc. There’s no real way to conceal your eyes, face, or fingerprints from the world. As far back as 2002, a team led by Japanese cryptographer Tsutomu Matsumoto used clear gelatin to make artificial fingers that they then used to fool fingerprint scanners. The gelatin-based finger was successful in fooling all 11 devices tested. I wrote about spoofing fingerprints in 2016.

However, it’s the second problem with biometrics that is the really big one: once a person’s biometrics have been compromised, they will always be compromised. Since a person can’t change their fingerprint or whatever biometric is being relied upon, it’s ‘once owned, forever owned.’ That is biometrics’ major failing and the one that will be hardest to overcome.

Part of the reason is that it’s silly to only have 10 possible passwords your whole life (20, if you count toes) but unlike a password, once a biometric is compromised, it is permanent. Today, if your Twitter account gets hacked, you just change the password – but if you are using a biometric, you will be stuck with that hacked password for the rest of your life.

With the release of Windows 10, Microsoft (MSFT) stepped up their biometrics game. CNet reports that, with the recent improvements, Windows 10 biometric security includes facial recognition software. Besides facial recognition, Windows Hello also supports fingerprint and iris recognition to secure your PC. For facial recognition though, Microsoft has partnered with chipmaker Intel (INTC) for its RealSense 3D camera tech to get the job done. RealSense uses depth-sensing infrared cameras to track the location and positions of objects, which Microsoft then uses to scan a person’s face or iris before unlocking the device in question.

To further push the biometrics agenda, more than 200 companies including Microsoft, Lenovo, Alibaba, and MasterCard have already come together to form a partnership known as the FIDO (Fast Identity Online) Alliance. Founded in 2013, FIDO was set up to address issues such as a worldwide adoption of standards for authentication processes over the Web to help reduce reliance on passwords.

 

Ralph Bach has been in IT long enough to know better and has blogged from his Bach Seat about IT, careers, and anything else that catches his attention since 2005. You can follow him on LinkedIn, Facebook, and Twitter. Email the Bach Seat here.

Fake Fingerprints Can Open Your Phone

– Updated 03-30-2016 – The Business Insider proves that you can use Play-Doh to fool the fingerprint sensor in your phone.

I have pointed out a number of times that biometrics will not be the complete final solution for passwords. Biometrics is the measurement and statistical analysis of people’s physical and behavioral characteristics. The technology is mainly used for identification and access control. The basic premise of biometric authentication is that everyone is unique. An individual can be identified by his or her intrinsic physical or behavioral traits.

There is a huge issue with biometrics. You can’t change your intrinsic physical or behavioral traits if they get stolen or hacked. Well, now there is more proof that biometrics can be hacked without cutting off a finger.

Hack mobile phone authentication

Two smarty Spartys from Michigan State University’s biometrics group have figured out a way to hack mobile phone fingerprint authentication. According to Help Net Security, the MSU researchers can hack your secure phone by using just a scanner, a color inkjet printer, a special type of paper, and ink.

Turns out that the attack is easy to execute. The first step is to scan the target’s fingerprint image at 300 dpi or higher resolution. Then, the image is mirrored and the original or binarized fingerprint image is printed on the glossy side of an AgIC special paper. The printer uses AgIC silver conductive ink cartridges (along with normal black ink).

Magical conductive ink

CrunchBase explains that advances in material science have made it possible to manufacture almost magical conductive ink. AgIC silver conductive ink has tiny silver particles and can be purchased online. The ink is printed by standard Brother printers. The ink dries in a few seconds and conductivity emerges instantly when the traces are drawn on special photo inkjet printing paper also available online.

All in all, an attacker can have a spoofed fingerprint that would allow him to access a phone protected with fingerprint authentication in less than 15 minutes, and the cost of all the tools he needs to do this does not surpass $500.

Researchers Kai Cao and Anil Jain successfully managed to fool the fingerprint sensors on the Samsung (005930) Galaxy S6 and Huawei (002502) Honor 7 phones.

They posted a demo of the attack on YouTube.

The attack is an improvement over Germany’s Chaos Computer Club’s attack against Apple (AAPL) Touch ID on the iPhone 5S, which involved lifting a fingerprint of the genuine user off a glass surface and then making a spoof fingerprint. More details about the Michigan State researchers’ work can be found here (PDF).

Only a matter of time

The Sparty researchers note that not all mobile phones can be hacked using this method. But their experiment is proof of the urgent need for anti-spoofing techniques for fingerprint recognition systems, especially for mobile devices which are being increasingly used as a part of two-factor authentication for site access and payment processing like Apple Pay, Google (GOOG) Pay, or Samsung Pay.

The researchers warn that it is only a matter of time before hackers develop improved hacking strategies not just for fingerprints, but other biometric traits that are being adopted for mobile phones (e.g., face, iris, and voice).

 


A Close Look at 802.11ac Wi-Fi

Tech pundits argue that the new Wi-Fi standard 802.11ac will replace wired gigabit Ethernet networking. 802.11ac is a supercharged version of 802.11n, offering link speeds ranging from 433 Mbps, up to multiple gigabits per second.

To make 802.11ac dozens of times faster than 802.11n, the new standard works exclusively in the 5GHz band, uses a huge chunk of bandwidth (80 or 160MHz), operates in up to eight spatial streams (MIMO), and uses a technology called beamforming.

At its core, 802.11ac is essentially an updated version of 802.11n, according to Sebastian Anthony, the author of an ExtremeTech article, “What is 802.11ac WiFi, and how much faster than 802.11n is it?” 802.11n was a huge performance increase over 802.11a and g. 802.11n introduced some key technologies that brought massive speed boosts. Where 802.11n had support for four spatial streams (4×4 MIMO) and a channel width of 40MHz, 802.11ac can use eight spatial streams and has channels up to 80MHz wide, which can be combined to make 160MHz channels. This means that 802.11ac has 8 x 160MHz of spectral bandwidth to play with, versus 4 x 40MHz – a huge difference that allows 802.11ac to send vast amounts of data across the airwaves.


What is new in Wi-Fi

802.11ac also introduces 256-QAM modulation (up from 64-QAM in 802.11n), which sends 256 different signals over the same frequency by shifting each signal to a slightly different phase. In theory, this quadruples the spectral efficiency of 802.11ac over 802.11n. Spectral efficiency is a measure of how well a given wireless protocol/modulation/multiplexing technique uses the bandwidth available to it.

802.11ac also introduces standardized beamforming. Matthew Gast, Director of Product Management at AeroHive Networks, published an article, “Investing in Beamforming: Is it worth it?” that explains beamforming.

Rather than transmitting a radio signal in all directions, beamforming figures out where the receiver is, and focuses the energy towards the receiver. Instead of spraying radio energy all over the place, send packets as a “rifle shot” directly to the receiver’s antenna, Mr. Gast explains.

Beamforming is a two-step process: First, figure out how to “aim” the transmission at the receiver, and second, send the transmission. With beamforming, a transmitter is betting that by paying the cost of the channel measurement process, the data transmission that follows will speed up enough to pay off the cost.

802.11n beamforming was non-standardized; in 802.11ac, there is only one method of beamforming, called the Null Data Packet (NDP). (rb- Read the AeroHive article for a full description of NDP)

Aerohive’s Gast concludes that by steering the energy towards a receiver, beamforming enables you to take a step up to a higher data rate. Mr. Gast estimates that 802.11-based beamforming gives you a 3-5 dB gain.

In theory, at the 5GHz band with beamforming, 802.11ac should have the same or better range than 802.11n. However, Mr. Anthony says the 5GHz band has less penetration power, so it doesn’t have the same range as 2.4GHz (802.11b/g). The ExtremeTech article concludes that’s an acceptable trade-off: there simply isn’t enough spectral bandwidth in the cluttered 2.4GHz band to allow for 802.11ac’s gigabit-level speeds.

ExtremeTech’s Anthony calculates there are two answers to how fast Wi-Fi 802.11ac is: the theoretical max speed, and the practical max speed that mere mortals will get surrounded by lots of signal-attenuating obstacles.

He calculates the theoretical max speed of 802.11ac is eight 160MHz 256-QAM channels, each of which is capable of 866.7Mbps – a grand total of 6,933Mbps, or just shy of 7Gbps. That’s a transfer rate of 900 megabytes per second. Compare this with 802.11n’s max theoretical speed, which was 600Mbps. He then says in practice, the current max speed of 802.11ac devices is 1.7Gbps.

ExtremeTech points out there will be a second wave of 802.11ac devices – due in 2014 after the standard is finalized – before 160MHz channels and multi-gigabit speeds become a reality. The max speed over an 80MHz channel is 433.3Mbps, and there aren’t any 802.11ac chipsets that support up to eight streams.
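The per-stream figures quoted above (433.3Mbps on 80MHz, 866.7Mbps on 160MHz, 600Mbps for 802.11n) can be reproduced from the PHY parameters. The following is an added example, not code from ExtremeTech or from this blog; the data-subcarrier counts and symbol timings are assumptions taken from the 802.11n/802.11ac PHY definitions, and the function name is hypothetical.

```python
"""Added example: derive the 802.11n / 802.11ac link rates quoted in the article."""

# Data subcarriers per (standard, channel width in MHz).
# Assumption: values from the 802.11n/ac PHY definitions, not from the article.
DATA_SUBCARRIERS = {
    ("11n", 20): 52, ("11n", 40): 108,
    ("11ac", 20): 52, ("11ac", 40): 108, ("11ac", 80): 234, ("11ac", 160): 468,
}
# Coded bits carried by one subcarrier per OFDM symbol.
BITS_PER_SUBCARRIER = {"BPSK": 1, "QPSK": 2, "16-QAM": 4, "64-QAM": 6, "256-QAM": 8}
MAX_STREAMS = {"11n": 4, "11ac": 8}
SYMBOL_US = 3.2                          # useful OFDM symbol time, microseconds
GUARD_US = {"short": 0.4, "long": 0.8}   # guard interval added to each symbol


def phy_rate_mbps(standard, width_mhz, modulation, coding_rate,
                  streams=1, guard="short"):
    """Return the PHY link rate in Mbps for one configuration.

    rate = data subcarriers * bits per subcarrier * coding rate * streams
           / (symbol time + guard interval)
    Bits per microsecond equal megabits per second.
    The standard excludes a handful of width/stream/modulation combinations;
    that exclusion table is not modelled here.
    """
    if (standard, width_mhz) not in DATA_SUBCARRIERS:
        raise ValueError(f"{standard} has no {width_mhz}MHz channel")
    if modulation not in BITS_PER_SUBCARRIER:
        raise ValueError(f"unknown modulation {modulation}")
    if standard == "11n" and modulation == "256-QAM":
        raise ValueError("256-QAM was introduced with 802.11ac")
    if not 1 <= streams <= MAX_STREAMS[standard]:
        raise ValueError(f"{standard} supports 1..{MAX_STREAMS[standard]} streams")
    if not 0 < coding_rate <= 1:
        raise ValueError("coding rate must be in (0, 1]")

    bits_per_symbol = (DATA_SUBCARRIERS[(standard, width_mhz)]
                       * BITS_PER_SUBCARRIER[modulation]
                       * coding_rate * streams)
    return bits_per_symbol / (SYMBOL_US + GUARD_US[guard])


if __name__ == "__main__":
    cases = [
        ("802.11n  40MHz  64-QAM 5/6 x4", ("11n", 40, "64-QAM", 5 / 6, 4)),
        ("802.11ac 80MHz  256-QAM 5/6 x1", ("11ac", 80, "256-QAM", 5 / 6, 1)),
        ("802.11ac 160MHz 256-QAM 5/6 x1", ("11ac", 160, "256-QAM", 5 / 6, 1)),
        ("802.11ac 160MHz 256-QAM 5/6 x8", ("11ac", 160, "256-QAM", 5 / 6, 8)),
    ]
    for label, args in cases:
        print(f"{label}: {phy_rate_mbps(*args):8.1f} Mbps")
```

These are link rates with the short guard interval and the highest coding rate; they say nothing about throughput once protocol overhead and obstacles are involved.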

Kevin Fitchard at GigaOM reports that recently the Wi-Fi Alliance kicked off its 802.11ac certification program. First to get the official Wi-Fi stamp of approval was the Samsung Mega 6.3, followed by two other Samsung models.

As with the 802.11n certification process, the Wi-Fi equipment makers are moving faster than the standards bodies. The IEEE is actually still putting the finishing touches on the 802.11ac standard, which is not due until 2014.

The Wi-Fi Alliance expects the first batch of ac devices will support speeds of 433 Mbps and progress into more advanced levels of the standard. The Alliance has pre-certified systems from companies like Broadcom (BRCM), Qualcomm (QCOM), Realtek, and Marvell (MRVL). Cisco (CSCO) was one of the first vendors to get an access point certified.

“AC is going into mobile and portable devices first…,” Wi-Fi Alliance Marketing and Program Management Director Kelly Davis-Felner said. ABI Research estimates that 40 percent of all ac devices shipped in 2013 will be handsets.

rb-

Tech pundits argue that the new 802.11ac Wi-Fi will replace wired gigabit Ethernet networking at home and in the office. While the consumerization of IT and BYOD are strong forces, the life-cycle of cabling infrastructure is 25 years, a cost not lightly abandoned in the walls. It is more likely to happen at home first. Who wants all the crappy wires running all over the house?


Tablets Notes

Forrester Report Casts Doubt on iPad Competitors

The New York Times cites a recent Forrester (FORR) report on the state and near future of the tablet marketplace titled “iPad Challengers Have Flawed Product Strategies.”

The report’s main conclusion was that Apple’s (AAPL) iPad competitors have not addressed pricing, distribution, and product differentiation adequately to make a case to consumers.

  1. The new tablets are too expensive. Apple has, unexpectedly, kept iPad prices comparatively low. The Motorola (MSI) Xoom starts at $100 more than the iPad and Samsung’s Galaxy Tab can be had for $250, but that does not include a two-year contract with a mobile carrier. Someone should be coming in to undercut this market, but that has proved harder than it looks.
  2. The wrong stores are selling tablets. Forrester’s research shows that one of the least desirable places to buy a tablet is at a cellphone store. But many tablet makers continue to rely on wireless carriers as a primary retail channel, which Forrester’s report concludes is a bad bet.
  3. The new tablets are not distinguished enough. The average user does not care about specs because it’s about the apps that run on these toys.
  4. The new tablets are not Windows. Forrester’s survey said the number one operating system people want on a tablet is Windows. If Microsoft (MSFT) is not going to release a true tablet-ready OS until late-summer 2012, those who want a Windows tablet may have to wait for two generations of tablets.

Forrester speculates that an Amazon (AMZN) tablet could change the market. Amazon could offer more attractive terms to media partners than Apple. It already has scads of credit-card numbers for easy one-click app purchases. It has media offerings like streaming video. It now has some experience designing, marketing, and selling its own hardware with the Kindle.

Cisco Cius

Does anyone remember Cisco’s Cius? In case you don’t, No Jitter has an article from June 2010 by Zeus Kerravala of the Yankee Group. The Cius was purported to be a tablet that can dock into a base station and can act as a video phone. When undocked, the device operates like a tablet computer that can be carried around and shared between workers.

Mr. Kerravala says the Cius tablet isn’t really meant to be a replacement for a laptop or an Apple (AAPL) iPad type of tablet. It’s a communications-centric tablet that can provide an easy interface into vertically specific applications, make videoconferencing portable and create a new way for people to interact with one another. The Cius will be centered on visual communications and not productivity applications like word processing and spreadsheets.

The Cius uses Google’s (GOOG) Android operating system, perhaps to attract developers. The article says the Cisco (CSCO) of a few years ago would have chosen to build its own interface. Android is a key to the success of Cius. The likelihood of developers building applications for an Android-based Cisco device is higher than developers creating applications for a Cisco operating system.

According to the article, the Cius is to be priced under $1,000, comparable to a high-end Cisco IP phone. While no network operator partners were announced at the time, Cisco said that the device was WiFi, 3G, and 4G capable.

Are the End Days Nearing for PCs (and Macs)

GigaOm’s Ryan Kim recently wrote that the glory days of the PCs are fading with the rise of more nimble smartphones and tablets. Wi-Fi provider JiWire confirmed this trend over the Christmas holidays. JiWire, which operates 35,000 public Wi-Fi hot-spots in the U.S., saw new iPad connections increase by 33.8 percent and new Android (GOOG) users were up 47.9 percent while new Mac users were down 28.1 percent and new PC connections were down 12 percent over the Christmas holidays. Mr. Kim writes that this trend shows that people’s dependence on computers is waning as they find more utility and portability in smartphones and tablets.

This trend is shaking up the computer world according to GigaOm. Gartner (IT) recently predicted that PC sales would decline 10% in the face of increased tablet sales. And as mobile networks ramp up to 4G and Wi-Fi usage grows, it’s only fueling the interest in mobile devices. This is a major shift that is forcing all the big players to adjust. The author points out that:

  • Microsoft (MSFT) re-entered the smartphone game at CES 2011 with Windows Phone 7 with Windows OS on ARM (ARMH) designed chips.
  • Intel (INTC) is working hard to get its chips to run on mobile devices though it’s still an uphill battle displacing ARM-designed chips.
  • HP (HPQ) bought Palm last year and is prepping a line of WebOS tablets and smartphones.

Apple (AAPL) is forcing these changes on the industry, according to Mr. Kim. The iPhone and the iPad made mobile computing more user-friendly. Apple CEO Steve Jobs predicted that overall PC usage would decline and suggested that lightweight devices like the iPad would do most of the tasks people needed. GigaOm says that companies that embrace this new reality are the ones best positioned for the future. The new iFuture means PC manufacturers will have to accept that the switch to mobile devices may come at the cost of traditional computer sales. The article concludes that manufacturers can let someone else lure their PC customers away with a tablet or smartphone or they can build one themselves.

Tablets Are Hammering The Notebook Market: Acer Sales Off 10%

The BusinessInsider reports that Acer (ACEIY) has warned that its 2011 Q1 sales will be off 10%. The Taiwanese PC maker is blaming Apple’s iPad and its tablet cousins for devastating its key netbook business.
